Vulnerability in Nextcloud Nextcloud_server
CVE-2016-9467
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid…
EPSS: 0.010 (77.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Nextcloud Nextcloud_server
- Owncloud
- N/a Nextcloud Server & Owncloud Before 9.0.54 And 10.0.1 9.0.6 9.1.2 — versions Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2
Weakness classification (CWE)
References
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, x_refsource_MISC, Vendor Advisory)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Exploit, Third Party Advisory, x_refsource_MISC)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- support@hackerone.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
Frequently asked questions
- What is CVE-2016-9467?
- CVE-2016-9467 is a medium-severity vulnerability in Nextcloud Nextcloud_server, classified under User Interface (UI) Misrepresentation of Critical Information. CVSS score: 5.3/10. Published 2017-03-28.
- How severe is CVE-2016-9467?
- Medium severity. CVSS v3 base score is 5.3 out of 10.